<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>  

<title>Insert title here</title>
</head>
<body>
匿名用户只能看到这些  <a href="/cp_login">去登陆</a>
<sec:authentication property="principal" var="authentication"/>
<sec:authorize ifAllGranted="ROLE_ADMIN">只有管理人员可以看到
用户名：${authentication.username }<br />
</sec:authorize>


































<div class="container">
	<div class="row clearfix">
		<div class="col-md-12 column">
			<div class="jumbotron">
				<h1>
					步骤
				</h1>
				
				<div>
					<div>
						使用spring security 实现权限判断
					</div>
					<div>
						1.导包 pom.xml
					</div>
					<div>
						&lt;dependencies&gt;
					</div>
					<div>
						&lt;dependency&gt;
					</div>
					<div>
						&lt;groupId&gt;org.springframework.security&lt;/groupId&gt;
					</div>
					<div>
						&lt;artifactId&gt;spring-security-web&lt;/artifactId&gt;
					</div>
					<div>
						&lt;version&gt;3.2.0.RELEASE&lt;/version&gt;
					</div>
					<div>
						&lt;/dependency&gt;
					</div>
					<div>
						&lt;dependency&gt;
					</div>
					<div>
						&lt;groupId&gt;org.springframework.security&lt;/groupId&gt;
					</div>
					<div>
						&lt;artifactId&gt;spring-security-config&lt;/artifactId&gt;
					</div>
					<div>
						&lt;version&gt;3.2.0.RELEASE&lt;/version&gt;
					</div>
					<div>
						&lt;/dependency&gt;
					</div>
					<div>
						&lt;/dependencies&gt;
					</div>
					
					
					<div>
						2.拦截器 web.xml
					</div>
					
					<div>
						&lt;!-- 加载Spring的配置文件 其中contextConfigLocation可能已有 参数自行添加spring-security.xml--&gt;
					</div>
					<div>
						&lt;context-param&gt;
					</div>
					<div>
						&lt;param-name&gt;contextConfigLocation&lt;/param-name&gt;
					</div>
					<div>
						&lt;param-value&gt;
					</div>
					<div>
						classpath:spring.xml,
					</div>
					<div>
						classpath:spring-security.xml
					</div>
					<div>
						&lt;/param-value&gt;
					</div>
					<div>
						&lt;/context-param&gt;
					</div>
					
					<div>
						&lt;!-- SpringSecurity 核心过滤器配置 --&gt;
					</div>
					<div>
						&lt;filter&gt;
					</div>
					<div>
						&lt;filter-name&gt;springSecurityFilterChain&lt;/filter-name&gt;
					</div>
					<div>
						&lt;filter-class&gt;org.springframework.web.filter.DelegatingFilterProxy&lt;/filter-class&gt;
					</div>
					<div>
						&lt;/filter&gt;
					</div>
					<div>
						&lt;filter-mapping&gt;
					</div>
					<div>
						&lt;filter-name&gt;springSecurityFilterChain&lt;/filter-name&gt;
					</div>
					<div>
						&lt;url-pattern&gt;/*&lt;/url-pattern&gt;
					</div>
					<div>
						&lt;/filter-mapping&gt;
					</div>
					
					<div>
						3.配置 classpath:的spring-security.xml
					</div>
					
					<div>
						&lt;beans:beans xmlns="http://www.springframework.org/schema/security"
					</div>
					<div>
						<span class="Apple-tab-span"></span> xmlns:beans="http://www.springframework.org/schema/beans"
					</div>
					<div>
						<span class="Apple-tab-span"></span> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
					</div>
					<div>
						<span class="Apple-tab-span"></span> xsi:schemaLocation="http://www.springframework.org/schema/beans
					</div>
					<div>
						<span class="Apple-tab-span"></span> http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
					</div>
					<div>
						<span class="Apple-tab-span"></span> http://www.springframework.org/schema/security
					</div>
					<div>
						<span class="Apple-tab-span"></span> http://www.springframework.org/schema/security/spring-security-3.2.xsd"&gt;
					</div>
					
					<div>
						<span class="Apple-tab-span"></span> &lt;http auto-config="true"&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;intercept-url pattern="/tz.jsp" access="ROLE_USER,ROLE_ADMIN"/&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;intercept-url pattern="/admin**" access="ROLE_USER" /&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;/http&gt;
					</div>
					
					<div>
						<span class="Apple-tab-span"></span> &lt;authentication-manager&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;authentication-provider&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;user-service&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;user name="root" password="123456" authorities="ROLE_USER" /&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;/user-service&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;/authentication-provider&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;/authentication-manager&gt;
					</div>
					
					<div>
						&lt;/beans:beans&gt;
					</div>
					
					<div>
						检测:访问/tz.jsp目录 需要登录用户名root 使用的是自带的登录界面(先清理cookies)
					</div>
					
					<div>
						基本完成
					</div>
					
					<div>
						控制页面访问xml配置 控制内容访问用标签
					</div>
					
					<div>
						权限一般定为 admin user 匿名 没有包含关系 只能access="ROLE_USER,ROLE_ADMIN"
					</div>
					
					<div>
						访问原理 使用session保存在cookies中 访问时经过filter，filter的类取出进行判断
					</div>
					
					<div>
						可以用在页面元素(使用标签) 地址(在spring-security xml配置) 方法(开启注解并使用pre注解)
					</div>
					
					<div>
						4.(进阶)如果要美化登录界面，则继续 spring-security.xml
					</div>
					
					
					<div>
						&lt;beans:beans xmlns="http://www.springframework.org/schema/security"
					</div>
					<div>
						<span class="Apple-tab-span"></span> xmlns:beans="http://www.springframework.org/schema/beans"
					</div>
					<div>
						<span class="Apple-tab-span"></span> xmlns:sec="http://www.springframework.org/schema/security"
					</div>
					<div>
						<span class="Apple-tab-span"></span> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
					</div>
					<div>
						<span class="Apple-tab-span"></span> xsi:schemaLocation="http://www.springframework.org/schema/beans
					</div>
					<div>
						<span class="Apple-tab-span"></span> http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
					</div>
					<div>
						<span class="Apple-tab-span"></span> http://www.springframework.org/schema/security
					</div>
					<div>
						<span class="Apple-tab-span"></span> http://www.springframework.org/schema/security/spring-security-3.2.xsd"&gt;
					</div>
					
					<div>
						<span class="Apple-tab-span"></span> &lt;http auto-config="true"&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;intercept-url pattern="/tz.jsp" access="ROLE_USER,ROLE_ADMIN"/&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;intercept-url pattern="/admin/**" access="ROLE_ADMIN"/&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span>
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;!-- 自定义登陆页 和成功页 --&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;form-login login-page="/cp_login/index.html"
					</div>
					<div>
						<span class="Apple-tab-span"></span> default-target-url="/index.html"/&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;/http&gt;
					</div>
					
					<div>
						<span class="Apple-tab-span"></span> &lt;authentication-manager&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;authentication-provider&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;user-service&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;user name="root" password="123456" authorities="ROLE_ADMIN" /&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;/user-service&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;/authentication-provider&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;/authentication-manager&gt;
					</div>
					
					
					
					<div>
						&lt;/beans:beans&gt;
					</div>
					
					
					<div>
						登陆使用post
					</div>
					<div>
						表单提交地址为：
					</div>
					<div>
						Request URL:http://127.0.0.1:8080/j_spring_security_check
					</div>
					<div>
						Request Method:POST
					</div>
					
					<div>
						j_username=111&amp;j_password=111
					</div>
					
					
					<div>
						参考form代码
					</div>
					<div>
						&lt;form role="form" action="/j_spring_security_check" method="post" class="login-form"&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span><span class="Apple-tab-span"></span> &lt;div class="form-group"&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span><span class="Apple-tab-span"></span> &lt;label class="sr-only" for="form-username"&gt;Username&lt;/label&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span><span class="Apple-tab-span"></span> &lt;input type="text" name="j_username" placeholder="Username..." class="form-username form-control" &gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;/div&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;div class="form-group"&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span><span class="Apple-tab-span"></span> &lt;label class="sr-only" for="form-password"&gt;Password&lt;/label&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span><span class="Apple-tab-span"></span> &lt;input type="password" name="j_password" placeholder="Password..." class="form-password form-
					</div>
					
					<div>
						control" &gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;/div&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span>
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;button type="submit" class="btn" id="loginbutton"&gt;Sign in!&lt;/button&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;/form&gt;
					</div>
					
					
					<div>
						测试:提交j_username=root&amp;j_password=123456 给 http://127.0.0.1:8080/j_spring_security_check 成功跳转 不是403
					</div>
					
					<div>
						5.(进阶)方法上加权限控制 防止直接post比如管理员文章不能匿名post
					</div>
					<div>
						spring-security.xml
					</div>
					
					<div>
						加
					</div>
					<div>
						&lt;!-- 开启注解pre --&gt;
					</div>
					<div>
						<span class="Apple-tab-span"></span> &lt;global-method-security pre-post-annotations="enabled" proxy-target-class="true" /&gt;
					</div>
					
					<div>
						然后在需要的方法上加
					</div>
					<div>
						@PreAuthorize("hasRole('ROLE_ADMIN')")
					</div>
					
					<div>
						6.(进阶)页面上开访问控制
					</div>
					<div>
						导包pom.xml
					</div>
					<div>
						&lt;dependency&gt;
					</div>
					<div>
						&lt;groupId&gt;org.springframework.security&lt;/groupId&gt;
					</div>
					<div>
						&lt;artifactId&gt;spring-security-taglibs&lt;/artifactId&gt;
					</div>
					<div>
						&lt;version&gt;3.1.3.RELEASE&lt;/version&gt;
					</div>
					<div>
						&lt;type&gt;jar&lt;/type&gt;
					</div>
					<div>
						&lt;scope&gt;compile&lt;/scope&gt;
					</div>
					<div>
						&lt;/dependency&gt;
					</div>
					<div>
						需要的页面加
					</div>
					<div>
						&lt;%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %&gt;
					</div>
					
					<div>
						在页面主体里加
					</div>
					
					<div>
						&lt;body&gt;
					</div>
					<div>
						匿名用户只能看到这些 &lt;a href="/cp_login"&gt;去登陆&lt;/a&gt;
					</div>
					<div>
						&lt;sec:authentication property="principal" var="authentication"/&gt;
					</div>
					<div>
						&lt;sec:authorize ifAllGranted="ROLE_ADMIN"&gt;只有管理人员可以看到
					</div>
					<div>
						用户名：${authentication.username }&lt;br /&gt;
					</div>
					<div>
						&lt;/sec:authorize&gt;
					</div>
					
					<div>
						&lt;/body&gt;
					</div>
					
					<div>
						测试:匿名用户访问只能看到一行 登陆之后刷新页面 能看到新代码和用户名
					</div>
				</div>
				
				
				<p>
					 <a class="btn btn-primary btn-large" href="#">Learn more</a>
				</p>
			</div>
		</div>
	</div>
</div>
</body>
</html>